Linux Firewalld Setup task - Failed incorrectly

I attempted the Linux Firewalld Setup task today. Even though I completed and verified the task by running CURL from Jump Host and LBR host, I was still marked as failed. Apache port was 8089 and Nginx port was 8095 from the respective configuration files.

- 'Apache' service on App Server 1 is not reachable from LB host

Please assist. The commands I used are below:

sudo systemctl start httpd
sudo systemctl start nginx
sudo yum install firewalld firewall-config -y
sudo systemctl start firewalld
sudo systemctl status firewalld
sudo systemctl enable firewalld
sudo firewall-cmd --permanent --zone=public --add-port=8095/tcp
sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="172.16.238.14" port protocol="tcp" port="8089" accept'
sudo firewall-cmd --reload

All my verification steps from Jump Host and LBR Host below:

Did you reload firewalld and check sudo firewall-cmd --list-all? You also need to start the httpd and nginx services.

Yes, please see the command outputs above. You can see firewall changes have taken effect. Plus both Apache and Nginx are responding (see the ‘Server’ HTTP header in the CURL outputs above).

Hello KKE Team, Any inputs on the above issue would be much appreciated. @mmumshad @rahul456. For now, I have put my task under review process.

Since there was no meaningful response, I attempted the task again (of course losing points). This time, I repeated the same exact steps. In addition, I did the 2 steps below:

  • Create an index.html with test content and put it under /var/www/html for each host
  • Configure Nginx as a reverse proxy for the Apache server, even though the question didn’t ask for the same

As expected, the task succeeded. So I take it that the verification expects an HTTP 200 response from Apache and Nginx from the LB host and an HTTP 200 response from Nginx and connection failure from Apache from another host e.g. Jump host.

The first time, my tasks were marked as failed as the Nginx and Apache servers were returning HTTP 403 (because there was no index.html present in the Apache document root and Nginx was not configured properly as a reverse proxy). So, the verification process took this as a connection failure.

Hence, the question is not accurate and needs to be re-worded accordingly.

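The distinction the last post turns on, as an added example that is not part of the original thread: an HTTP 403 still proves the firewall let the connection through, while a blocked port shows up as a failed or timed-out connect in curl's exit code. `APP_HOST` is a placeholder for the App Server 1 address, which the thread does not give; ports 8089 and 8095 are the ones quoted in the first post.

```shell
#!/bin/sh
# Added example: tell "firewall blocked the connection" apart from
# "server answered with an HTTP error" when verifying firewalld rules.

# classify_probe CURL_EXIT HTTP_CODE -> prints one verdict word.
classify_probe() {
    curl_exit=$1
    http_code=$2
    case "$curl_exit" in
        0)
            # TCP connect and HTTP exchange completed, so the port is open.
            case "$http_code" in
                2??|3??) echo "open-ok" ;;
                4??|5??) echo "open-http-error" ;;  # e.g. 403: no index.html
                *)       echo "open-unknown" ;;
            esac ;;
        7|28)
            # 7: could not connect (firewalld reject), 28: timed out (drop).
            echo "blocked" ;;
        *)
            echo "inconclusive" ;;
    esac
}

# probe HOST PORT -> prints "PORT verdict (curl=N http=NNN)".
probe() {
    host=$1
    port=$2
    http_code=$(curl -s -o /dev/null -w '%{http_code}' \
        --connect-timeout 3 "http://$host:$port/") && rc=0 || rc=$?
    echo "$port $(classify_probe "$rc" "$http_code") (curl=$rc http=$http_code)"
}

# APP_HOST is a placeholder (assumption): set it to the app server address.
# From the LB host both ports should be open; from any other host,
# 8089 should report "blocked" and 8095 should be open.
if [ -n "${APP_HOST:-}" ]; then
    probe "$APP_HOST" 8089   # Apache port from the first post
    probe "$APP_HOST" 8095   # Nginx port from the first post
fi
```

Run it once from the LB host and once from the jump host with `APP_HOST` set; an `open-http-error` verdict means the firewall rule works and the remaining problem is in the web server configuration.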